Blog

Cloud-native Windows endpoints might be easier to achieve than you think

30th Apr 2025

Home
News And Resources
Insights
Cloud-native Windows endpoints might be easier to achieve than you think

Many organisations have now adopted a hybrid modern workplace environment with user identities in on-premises Active Directory (AD), synchronised to Entra ID using Microsoft Entra Connect (formally Azure AD Connect) or Connect cloud sync. Typically devices are hybrid joined, enabling them to sign in to both cloud and on-premises resources too. This gives your users the ability to single sign on (SSO) to your cloud applications.

However, Hybrid join has its issues and complexities. Microsoft now recommend using Entra joined devices where possible¹, due to the simplicity of device deployment and management, but how do you achieve this?

A common misunderstanding is that in order to start using Entra joined devices, you need to have made all of your applications cloud-native, or deploy a cloud application proxy, but it might not be that difficult.

What is Microsoft Entra join?

Microsoft Entra join allows devices to be registered directly with Entra ID, providing a unified identity for accessing both cloud and on-premises resources. This approach is suitable for organisations of all sizes and can be used in both cloud-only and hybrid environments. Key benefits include:

Simplified device provisioning

Devices can be enrolled using self-service options like Windows Out of Box Experience (OOBE), bulk enrolment, or Windows Autopilot. Typically Entra join Autopilot provisioning is more simple than Hybrid join.

Enhanced security

Entra ID join supports passwordless authentication methods such as Windows Hello for Business and FIDO2 security keys.

Unified management

Devices can be managed using Mobile Device Management (MDM) tools like Microsoft Intune, ensuring consistent security policies and configurations.

Remove reliance on on-premises servers

As devices connect to Entra ID in the cloud, their configuration comes from an MDM platform such as Intune so you don’t need to rely on Group Policy configuration or other on-premises management tools.

Introducing Entra Connect SSO

Entra Connect SSO enables Entra joined devices to sign on to on-premises resources that rely on Active Directory, for example, printers, file shares, or applications. It does this by synchronising on-premises user and domain information to Entra ID. When the signed on user wants to access an on-premises resource the device:

Sends domain information and user credentials to a discovered Domain Controller to authenticate the user.
Receives a token used to authenticate to the on-premises resource.

Although there are some prerequisites such as ensuring line of sight communication with your domain controllers, functioning DNS, and certain attribute synchronisation, it’s possible that Entra join may just enable you to sign on to the resources your users need without much additional configuration. It really can be that straightforward.

Next steps

Explore the use of Entra join devices

boxxe is able to assist you in exploring the feasibility of using Entra join devices, starting with an assessment against the prerequisites, and the deployment of a Proof of Concept.

With an agreed number of devices for testing, you will be able to assess your current setup and see how Entra join devices can SSO to applications, printers and file shares, or where you may need to make changes to facilitate the use of cloud-native devices.

For further information, reach out to us now:

Email boxxe

^Sources:¹^{Join your cloud-native endpoints to Microsoft Entra - Microsoft Intune | Microsoft Learn}

What we use your personal data for	Our reasons
Creating and managing your account with us	To perform our contract with you or to take steps at your request before entering into a contract
Providing products and/or services to you	To perform our contract with you or to take steps at your request before entering into a contract
Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us	To comply with our legal and regulatory obligations
Enforcing legal rights or defend or undertake legal proceedings	Depending on the circumstances: — to comply with our legal and regulatory obligations — in other cases, for our legitimate interests, i.e. to protect our business, interests and rights
Customising our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website	Depending on the circumstances: — your consent as gathered e.g., by the separate cookies tool on our website—see ‘Cookies and other tracking technologies’ below — where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price If you have provided such a consent, you may withdraw it at any time by changing the setting on the cookies tool (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended	Depending on the circumstances: — your consent as gathered by the separate cookies tool on our website]—see ‘Cookies and other tracking technologies’ below — where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price If you have provided such a consent you may withdraw it at any time by clearing your cookie settings and rejecting when you revisit our website (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
Communications with you not related to marketing, including about changes to our terms or policies or changes to the products AND/OR services or other important notices	Depending on the circumstances: — to comply with our legal and regulatory obligations — in other cases, for our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price
Protecting the security of systems and data used to provide the services	To comply with our legal and regulatory obligations We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
Statistical analysis to help us understand our customer base	For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price
Updating and enhancing customer records	Depending on the circumstances: — to perform our contract with you or to take steps at your request before entering into a contract — to comply with our legal and regulatory obligations — where neither of the above apply, for our legitimate interests, e.g., making sure that we can keep in touch with our customers about existing orders and new products
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant	To comply with our legal and regulatory obligations
Marketing our services to existing and former customers	For our legitimate interests, i.e., to promote our business to existing and former customers. See Marketing below for further information
The audit of our ISO certifications (to the extent not covered by ‘activities necessary to comply with legal and regulatory obligations’ above)	For our legitimate interests, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary	Depending on the circumstances: — to comply with our legal and regulatory obligations — in other cases, for our legitimate interests, i.e., to protect, realise or grow the value in our business and assets

Recipient	Processing operation (use) by recipient	Relevant categories of personal data transferred to recipient
Google	We use Google Analytics (GA4) cookies to collect data about the visitors to the site which includes the number of visitors, session duration, pages visited during the session etc. and whether visitors return. Google Analytics will assign a unique “ID” to a user of the boxxe website at the point they register an account with us for the purpose of tracking their activity on the boxxe website. This information is anonymous and cannot be used to identify you personally unless you end up becoming a boxxe customer. Google Analytics cannot use the ID to work out who you are.	Device’s IP address (processed during your session and stored in a de-identified form) geographic location (country only), and the preferred language used to display our website. Google Analytics stores this information on our behalf in a pseudonymized user profile.
Hotjar Ltd	We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. Hotjar is contractually forbidden to sell any of the data collected on our behalf.	This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile.
Dotdigital	Dotdigital is a SaaS cross-channel marketing automation platform and services provider that helps brands devise successful, personalized marketing campaigns across multiple channels (e.g. email). Paired with its Microsoft Dynamics 365 CRM integration, boxxe is able to deliver tailored marketing to its customers.	Contact data (such as email address, contact number, name or other contact details), marketing preferences, IP address and usage information (including online navigation data, location data and browser data).
Darktrace	Darktrace’s Security Platform enhances boxxe’s cybersecurity position by providing endpoint protection, cloud security, and email security. Darktrace uses AI-driven tools to detect and respond to potential threats, such as malware, phishing attacks, and insider threats, by continuously monitoring network traffic, user behaviour, and cloud-based resources. It aims to prevent data breaches and minimize cyber risks by identifying and mitigating security threats in real-time.	Contact data (name, email address, user name), devide identifiers (e.g. IP address) and/or mobile identifiers, location data to nearest city, usage information (including tracking or browsing behavior).
Greenhouse	Greenhouse ATS is a cloud-based software that helps companies manage their recruitment processes. It organizes and tracks job applications, resumes, and candidate information. Greenhouse ATS collects applications and stores data about the applicants, such as which source they came from, which role they applied to and where they are in the application process. Greenhouse ATS features applicant tracking, background screening, interview scheduling, and onboarding.	Contact details (name, email address, home address, telephone number) and any special accommodations needed if successful for interview and employment.

Recipient country	Recipient	Processing operation (use) by recipient	Lawful safeguard
Ireland	Hotjar	Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile.	Adequacy regulation further to paragraph 5(1)(a) of Part 3 of Schedule 21 to the Data Protection Act 2018 https://www.hotjar.com/legal/support/dpa/
USA	Stripe Inc	In order to facilitate online payments through boxxe’s ecommerce portal, where applicable, Stripe may Process Payment Account Details, bank account details, billing/shipping address, name, date/time/amount of transaction, device ID, email address, IP address/location, order ID, payment card details, tax ID/status, unique customer identifier, identity information including government issued documents (e.g., national IDs, driver’s licenses and passports).	UK Data Transfer Addendum https://stripe.com/gb/legal/dpa
EEA	Dotdigital	Boxxe will provide certain information about its customers to Dotdigital in order for it to be able to provide automated marketing services that are tailored to its specific customer interests.	Adequacy regulation further to paragraph 5(1)(a) of Part 3 of Schedule 21 to the Data Protection Act 2018. https://dotdigital.com/terms/data-processing-agreement/
Ireland/EEA/USA	Greenhouse	Data will primarily be stored at rest in Greenhouse’s Silos - EU-Central-1 (Frankfurt) and EU-West-1 (Ireland) for disaster recovery. Data will only be transferred to and from Greenhouse servers in the EU and the US for essential business activities, including technical support, sub-processor services, and others as outlined in the Greenhouse DPA (data processing agreement).	Legal – Data processing addendum \| Greenhouse

Access to a copy of your personal data	The right to be provided with a copy of your personal data
Correction (also known as rectification)	The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)	The right to require us to delete your personal data—in certain situations
Restriction of use	The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
Data portability	The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object to use	The right to object: at any time to your personal data being used for direct marketing (including profiling in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Not to be subject to decisions without human involvement	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you We do not make any such decisions based on data collected by our website
The right to withdraw consents	If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time You may withdraw consents by emailing ecommerce@boxxe.com. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn

Explore our bestselling computers

Explore our bestselling accessories

Latest Case Studies

boxxe x IBM - Accelerating Cybersecurity with AI

DeMontfort Fine Art - Where Culture meets Cybersecurity

Derbyshire Healthcare NHS Foundation Trust Data Migration

Helpful Insights

Already a customer?

Already a customer?

Cloud-native Windows endpoints might be easier to achieve than you think

What is Microsoft Entra join?

Simplified device provisioning

Enhanced security

Unified management

Remove reliance on on-premises servers

Introducing Entra Connect SSO

Next steps

Explore the use of Entra join devices

Explore our bestselling computers

Explore our bestselling accessories

Latest Case Studies

boxxe x IBM - Accelerating Cybersecurity with AI

DeMontfort Fine Art - Where Culture meets Cybersecurity

Derbyshire Healthcare NHS Foundation Trust Data Migration

Helpful Insights

Already a customer?

Already a customer?

Cloud-native Windows endpoints might be easier to achieve than you think

What is Microsoft Entra join?

Simplified device provisioning

Enhanced security

Unified management

Remove reliance on on-premises servers

Introducing Entra Connect SSO

Next steps

Explore the use of Entra join devices

General

Types of data we collect

If you fail to provide personal data

How your personal data is collected

How and why we use your personal data

Marketing

Who we share your personal data with

Who we share your personal data with - in more detail

Overseas transfers and sharing personal data with sub-processors

Transferring your personal data out of the UK - in more detail

How long your personal data will be kept

Data Security

Cookies and other tracking technologies

Your Rights

Policy Changes

Contact Us